This document summarises the prometheus event queue - what it does and how to use it.

Overview

The prometheus event queue gives users (and applications) a way of specifying that a particular conduit should be run as soon as possible. It does this by adding an event into the event queue, specifying the name of the conduit and any additional arguments to supplement the conduit's default configuration. The intention behind this is that it will enable users and applications to propagate changes quickly, instead of waiting for prometheus's conduit loop. Of particular interest is the ability to add a 'username' argument to restrict a conduit's running to one user only.

Server side

On the server, a continuously running job (prometheus-eventqueue --monitor) checks the event queue every minute and runs any events it finds. Events are run in the order in which they were added. All events are stored in prometheus's LDAP directory under ou=EventQueue,o=Prometheus,dc=inf,dc=ed,dc=ac,dc=uk. Events are keyed on an 'eventhash', which is generated from a combination of the conduit name and arguments, meaning duplicate events will not be added. Details of events being run is logged to /var/lcfg/log/prometheus.eventqueue.

Manipulating the queue

There are two ways to manipulate the event queue:

  • programmatically using the API provided by Prometheus::Store::Olympus::EventQueue
  • through the command line tool prometheus-eventqueue

Both are documented, see:

  • perldoc Prometheus::Store::Olympus::EventQueue
  • man prometheus-eventqueue

Examples

View the list of conduits which can be run:

prometheus-eventqueue --listconduits

Add an event to the event queue to run the Role Expander conduit with its default configuration:

prometheus-eventqueue --add Prometheus::Conduits::RoleExpander

Add an event to the event queue to run the Role Expander conduit for a particular user:

prometheus-eventqueue --add Prometheus::Conduits::RoleExpander --args username=juser

Similar to the above, but for the KDC conduit (e.g. after running theogony enable-account or theogony disable-account without --trigger):

prometheus-eventqueue --add Prometheus::Conduits::SyncToKDC::Conduit --args username=juser

Display the list of events in the event queue:

prometheus-eventqueue --display

Example output from /var/lcfg/log/prometheus.eventqueue, as events are run on the prometheus server:

2016-06-28_17:12:10:26551
Running event: add3c87de711a4990e4158e429b47b0c
Conduit: Prometheus::Conduits::RoleExpander
Additional options: --username juser
2016-06-28_17:12:12:746432
Deleting event: add3c87de711a4990e4158e429b47b0c
2016-06-28_17:12:12:760998
Running event: 49c6d30fe9ab4ccb64d147fe4f586017
Conduit: Prometheus::Conduits::SystemLDAP::Entitlements::Conduit
Additional options: --username juser
2016-06-28_17:12:12:905800
Deleting event: 49c6d30fe9ab4ccb64d147fe4f586017

Integration into prometheus utilities.

The following prometheus utilities have had event queue integration added:

modify-user

modify-user --trigger --addrole rolename juser

The --trigger argument means that modify-user will add appropriate trigger events to the event queue. In the case above, using --trigger would be analogous to adding the following events:

prometheus-eventqueue --add Prometheus::Conduits::RoleExpander --args username=juser
prometheus-eventqueue --add Prometheus::Conduits::SystemLDAP::Entitlements::Conduit --args username=juser

We expect to add event queue integration to other prometheus utilities, as appropriate.


theogony disable-account | enable-account | require-password-change

theogony disable-account --trigger juser

The --trigger argument means that these theogony sub-commands will add appropriate trigger events to the event queue. In the case above, using --trigger does the following:

prometheus-eventqueue --add Prometheus::Conduits::SyncToKDC::Conduit --args username=juser


-- TobyBlake - 31 May 2017

Topic revision: r4 - 01 Jun 2017 - 14:11:15 - TobyBlake
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies